Distributed computing system (DCS) performance is enhanced by caching optimizations. The DCS includes nodes with local caches. Resource accessors such as users are clustered based on their similarity, and the clusters are assigned to nodes. Then processing workloads are distributed among the nodes based on the accessors the workloads implicate, and based on which nodes were assigned to those accessors' clusters. Clustering may place security peers together in a cluster, and hence place peers together on a node. Security peers tend to access the same resources, so those resources will more often be locally cached, improving performance. Workloads implicating peers also tend to access the same resources, such as peers' behavior histories, so those resources will likewise tend to be cached locally, thus optimizing performance as compared for example to randomly assigning accessors to nodes without clustering and without regard to security peer groupings.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The system of claim 1, wherein each analysis node comprises at least one of the following: a physical server, a virtual server, a virtual machine, a container, or a machine in a cloud.
4. The system of claim 1, wherein the system clusters resource accessors into at least five times N accessor clusters.
5. The system of claim 1, wherein a physical processing unit operates both as part of one of the analysis processors and as part of the clustering processor.
12. The method of claim 7, wherein the method clusters resource accessors into at least ten times N accessor clusters.
13. The method of claim 7, wherein the method clusters at least one thousand resource accessors into at least twenty accessor clusters, and distributes analysis workloads to at least ten analysis nodes.
14. The method of claim 7, wherein the method avoids randomly assigning resource accessors to analysis nodes.
15. The method of claim 7, wherein the method assigns at least fifty percent of resource accessors to the same analysis node as at least sixty percent of their security peers.
17. The storage medium of claim 16, wherein the method avoids assigning resource accessors to analysis nodes by assigning tenants to analysis nodes when resource accessors are affiliated with tenants.
19. The storage medium of claim 16, wherein distributing analysis workload AWi to the analysis node ANj comprises caching on ANj statistical data about resource access attempts by resource accessor Ak and statistical data about resource access attempts by at least one security peer of Ak.
20. The storage medium of claim 16, comprising performing analysis workload AWi on the analysis node ANj, wherein the performing includes determining that resource accessor Ak attempted to access a resource Rnew that was not previously accessed by Ak, and ascertaining whether one or more security peers of Ak have accessed Rnew.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
January 19, 2020
September 6, 2022
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.